Description:

Zhang will present a talk entitled "Dynamic Program Analyses & Their Security Applications" on Wednesday, February 14 at 2:00 PM in Ford ITW Room.

Abstract: Dynamic analyses analyze runtime information collected during program execution. They can be classified into two categories: temporal analysis, which inspects execution history, and spatial analysis, which studies states of program execution (e.g., memory states and disk states). They have a wide range of applications in various areas such as software security, debugging, and testing.

In this talk, I will introduce a number of our dynamic analysis projects. In particular, I will present two kinds of temporal analyses: (1) audit logging; and (2) forced execution. Audit logging analyzes software system behavior by inspecting its system-level event traces such as file reads/writes and socket sends/receives. It is critical for understanding advanced security attacks on enterprise systems. Forced execution forces a program to execute even when the required environmental and input conditions are not satisfied. It is highly effective in disclosing hidden malicious logic in executable programs. In the presentation, I will discuss how audit logging can be used to analyze Advanced Persistent Threat (APT) attacks and how forced execution can be used to disclose stealthy unwanted behaviors in a large number of iOS apps.

I will also introduce memory forensic analysis, which is a kind of spatial analysis. It inspects the memory snapshot of a process to recover critical information such as the files that are being edited in document-processing software, the ongoing conversation in social-networking software, and the pictures that were taken by a camera app in the past but not saved to disk. Such information is extremely useful in attack investigation.

Bio: Xiangyu Zhang is a professor and University Scholar at Purdue University. He works on dynamic and static software analysis and their applications in software security, forensic analysis, software debugging and testing. He has received the 2006 ACM SIGPLAN Distinguished Doctoral Dissertation Award, NSF Career Award, ACM SIGSOFT Distinguished Paper Awards, Best Student Paper Award at USENIX Security'14, Best Paper Award at CCS'15 and Distinguished Paper Awards at NDSS'16 and USENIX Security'17. He has also co-supervised a dissertation that won the ACM SIGSAC Doctoral Dissertation Award in 2017.